Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain a backported patch to resolve these issues.
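
The check described above, as an added example (not code from this advisory or from the Ruby patch): a certificate can pass chain validation and still be issued for a different host, and only the host name comparison catches that. The host names and helper method names are hypothetical and the certificate is constructed in-process; `OpenSSL::SSL.verify_certificate_identity` is the matcher from Ruby's standard library.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate whose only identity is its CN.
def make_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Trust store holding the sample certificate, standing in for the CA bundle.
def trust_store_for(cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  store
end

# Chain validation alone: says the certificate is trusted, not who it is for.
def chain_trusted?(cert, store)
  store.verify(cert)
end

# Chain validation plus the host name comparison the advisory describes.
def accept_connection?(cert, store, requested_host)
  chain_trusted?(cert, store) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

if __FILE__ == $PROGRAM_NAME
  cert = make_cert("www.example.test")
  store = trust_store_for(cert)
  %w[www.example.test login.example.test].each do |host|
    puts "#{host}: chain=#{chain_trusted?(cert, store)} " \
         "accepted=#{accept_connection?(cert, store, host)}"
  end
end
```

On a live `OpenSSL::SSL::SSLSocket`, `post_connection_check(host)` performs the same comparison after the handshake and raises on a mismatch.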

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188